{ Author Archives }

The Rise of Personal Data Exfiltration

You may have heard that LG is collecting usage data, as well as more information, from its SmartTVs, even if you opt out. They promise to issue a firmware update to fix it, but most consumers will never apply it as it requires a manual configuration to update and a wired Ethernet connection. In other words, […]

Top Posts for October

    The Other Effect of the Shutdown on Information Security
    What Are You Investing In?
    The Age of Self-Surveillance

Crowdsourced, Commercialized Surveillance

The Tile is an object you can put on things in order to find them using your phone. This is useful. But if your phone isn’t close enough to the object, what then? Well, you mark that item as lost and then everyone’s phone (with the app) will look for your missing item too. Think […]

The Age of Self-Surveillance

  If you see something, say something. Most of us are familiar with that little message, but I think we got it backwards. It’s focused on being the observer, not the observed; so inefficient. After all, we are all observing ourselves all the time. What if, instead, we went with “if you think something, share […]

The Other Effect of The Shutdown on Information Security

Last week I spent a little time talking to folks about the effect the shutdown has on information security. Here are the links: DefenseOne, CNN, Tripwire. There are lots of examples of how a lack of personnel may affect the ability of government agencies to respond, and how it may be a good time to […]

The term “Zero Day”

The varied use of this term has been bugging me lately. Zero Day Vulnerability: A vulnerability that has not been published, either by the vendor or some other reasonably public entity (MITRE/NIST/OSVDB/etc.). The key here is that the vendor in question has had zero days to actually do anything about delivering a patch or mitigation. […]

What Are You Investing In?

At this very moment you are doing something. It could be that you’re heads down on an important project, or it could be that you’re watching funny cat videos on YouTube. Regardless, you are doing something. Everything we do is an investment, even the seemingly meaningless entertainment we may seek out at the end of […]

Tweetsplanation: Paw Prints and the iPhone 5s

Look, a cat’s paw print can unlock an iPhone 5s. The Tweet: Seems silly, right? But there are some practical considerations of why this might be important. First, the technology to identify an individual animal via a paw print could be useful in animal control, in wildlife management. What if you could place these sensors […]

Tweetsplanation: The NSA and Crypto

The Tweet: The Explanation: If one starts with the assumption that the NSA wants to actually compromise encryption mechanisms in some technical way, as opposed to legally compromising them, then the secrecy of those mechanisms is key. It’s not *the* key however. As long as there are cryptographically inclined persons who also subscribe to open […]

Pre-nomaly Detection: Generating Change to Identify Non-Conformance

It was recently reported that Belgacom, Belgium’s primary telecom company, discovered a compromise that had been present for years. It reminded me of the Nortel compromise that was discovered a while back. The fact is that we’ve seen an increase in these kinds of discoveries. Details on how exactly the compromise was found are hard […]